“CSEC does not direct its activities at Canadians and is prohibited by law from doing so,” its chief, John Forster, said in a rare public statement.

But that's just what CSE says for public consumption.

Here's what the agency tells its oversight commissioner in private (text from documents released under ATIP request CSEC_A-2012_00035):

CSEC advised the Commissioner’s office during discussions that it uses part (c) of its mandate for three purposes: 1. to provide technical assistance to CSIS/LEAs [Canadian Security Intelligence Service and Canadian law enforcement agencies]; 2. to assist CSIS under s. 16 of the CSIS Act; and 3. to assist CSIS/LEAs by intercepting the communications of a Canadian/person in Canada that is subject to a CSIS warrant (s. 12 of the CSIS Act) or an LEA’s authorization (under Part VI of the Criminal Code). [Emphasis added]

Let me repeat that last bit: "intercepting the communications of a Canadian/person in Canada".

Now, Chief Forster probably thinks he's telling the truth - or some reasonable facsimile thereof - when he says CSE doesn't "direct" "its activities" at Canadians. He, like other CSE spokespeople, always has a secret asterisk appended to these statements in his head that goes something like this: Monitoring of Canadians undertaken in support of CSIS and LEAs is not a CSE activity; when CSE conducts what it calls mandate (c) operations, it is actually providing support to a CSIS/LEA activity, not conducting its own activity. CSE's own "activities" are undertaken under the agency's mandates (a) and (b) (foreign intelligence collection and protection of critical information infrastructures), and although information about Canadians is sometimes also collected in the course of those operations, in those cases the collection is "directed" at foreign targets and, thus, although Canadian communications may be intercepted, such operations are not "directed" at Canadians.

But the foregoing is not what the average Canadian, or even the average member of parliament, would conclude when given the assurance that “CSEC does not direct its activities at Canadians and is prohibited by law from doing so.”

And CSE knows that very well.

It may be that CSE's collection of Canadian communications is limited, reasonable, lawful, and subject to rigorous policies and procedures designed to protect the privacy of Canadians.

But how can we trust people whose public assurances all have to be parsed for secret asterisks?

How can Canadians have a public debate about where to draw the line between privacy and security when their government refuses to give honest, straight answers to the most basic questions at issue?